On Thu, 3 Mar 2005, Simon Windsor wrote:
> I have noted from the documentation that Exim/Exiscan bounces Spam
> and viral email.
It does not "bounce" it (in the sense of composing a non-delivery
report to its envelope-sender address); rather, it "rejects" it (with
a 5xx code at SMTP time). The distinction is vitally important.
It's madness to literally "bounce" spam or viruses. Formerly known as
"collateral", and now more-often referred to by the (IMHO unfortunate)
term of "backscatter". (Myself I think the term "collateral" was more
apt).
See
http://www.ja.net/CERT/JANET-CERT/mail/junk/collateral.html and
*note the date*. This important message is taking *far* too long to
percolate through the heads of certain mail admins.
> Whilst this is good, is it possible to send a short message to the
> designated recipient advising an email from 'sender' was blocked to
> due spam/virus detection?
I'm glad I'm not one of your users, then.
See
http://www.timj.co.uk/linux/sa.php and particularly
http://www.attrition.org/security/rant/av-spammers.html
Reports in *either* direction are bad. If the sender is genuine,
they'll find out soon enough that you *rejected* (not "bounced") their
mail. What they do then is up to them.
That's assuming that you're talking about mail that's incoming from a
peer MTA. If you're talking about mail submission from an MUA by one
of your own users, then the idea of notifying the intended victim is
even more absurd, I'd have to say. We'd happily blacklist your MTA
for that!
best regards